author  wenzelm 
Sun, 11 Jan 2009 21:49:59 +0100  
changeset 29450  ac7f67be7f1f 
parent 27239  f2f42f9fa09d 
child 32010  cb1a1c94b4cd 
permissions  rwrr 
17456  1 
(* Title: CCL/CCL.thy 
0  2 
ID: $Id$ 
1474  3 
Author: Martin Coen 
0  4 
Copyright 1993 University of Cambridge 
5 
*) 

6 

17456  7 
header {* Classical Computational Logic for Untyped Lambda Calculus 
8 
with reduction to weak headnormal form *} 

0  9 

17456  10 
theory CCL 
11 
imports Gfp 

12 
begin 

0  13 

17456  14 
text {* 
15 
Based on FOL extended with set collection, a primitive higherorder 

16 
logic. HOL is too strong  descriptions prevent a type of programs 

17 
being defined which contains only executable terms. 

18 
*} 

0  19 

17456  20 
classes prog < "term" 
21 
defaultsort prog 

22 

24825  23 
arities "fun" :: (prog, prog) prog 
17456  24 

25 
typedecl i 

26 
arities i :: prog 

27 

0  28 

29 
consts 

30 
(*** Evaluation Judgement ***) 

24825  31 
Eval :: "[i,i]=>prop" (infixl ">" 20) 
0  32 

33 
(*** Bisimulations for preorder and equality ***) 

24825  34 
po :: "['a,'a]=>o" (infixl "[=" 50) 
0  35 
SIM :: "[i,i,i set]=>o" 
17456  36 
POgen :: "i set => i set" 
37 
EQgen :: "i set => i set" 

38 
PO :: "i set" 

39 
EQ :: "i set" 

0  40 

41 
(*** Term Formers ***) 

17456  42 
true :: "i" 
43 
false :: "i" 

0  44 
pair :: "[i,i]=>i" ("(1<_,/_>)") 
45 
lambda :: "(i=>i)=>i" (binder "lam " 55) 

17456  46 
"case" :: "[i,i,i,[i,i]=>i,(i=>i)=>i]=>i" 
24825  47 
"apply" :: "[i,i]=>i" (infixl "`" 56) 
0  48 
bot :: "i" 
17456  49 
"fix" :: "(i=>i)=>i" 
0  50 

51 
(*** Defined Predicates ***) 

17456  52 
Trm :: "i => o" 
53 
Dvg :: "i => o" 

0  54 

17456  55 
axioms 
0  56 

57 
(******* EVALUATION SEMANTICS *******) 

58 

59 
(** This is the evaluation semantics from which the axioms below were derived. **) 

60 
(** It is included here just as an evaluator for FUN and has no influence on **) 

61 
(** inference in the theory CCL. **) 

62 

17456  63 
trueV: "true > true" 
64 
falseV: "false > false" 

65 
pairV: "<a,b> > <a,b>" 

66 
lamV: "lam x. b(x) > lam x. b(x)" 

67 
caseVtrue: "[ t > true; d > c ] ==> case(t,d,e,f,g) > c" 

68 
caseVfalse: "[ t > false; e > c ] ==> case(t,d,e,f,g) > c" 

69 
caseVpair: "[ t > <a,b>; f(a,b) > c ] ==> case(t,d,e,f,g) > c" 

70 
caseVlam: "[ t > lam x. b(x); g(b) > c ] ==> case(t,d,e,f,g) > c" 

0  71 

72 
(*** Properties of evaluation: note that "t > c" impies that c is canonical ***) 

73 

17456  74 
canonical: "[ t > c; c==true ==> u>v; 
75 
c==false ==> u>v; 

76 
!!a b. c==<a,b> ==> u>v; 

77 
!!f. c==lam x. f(x) ==> u>v ] ==> 

1149  78 
u>v" 
0  79 

80 
(* Should be derivable  but probably a bitch! *) 

17456  81 
substitute: "[ a==a'; t(a)>c(a) ] ==> t(a')>c(a')" 
0  82 

83 
(************** LOGIC ***************) 

84 

85 
(*** Definitions used in the following rules ***) 

86 

17456  87 
apply_def: "f ` t == case(f,bot,bot,%x y. bot,%u. u(t))" 
88 
bot_def: "bot == (lam x. x`x)`(lam x. x`x)" 

89 
fix_def: "fix(f) == (lam x. f(x`x))`(lam x. f(x`x))" 

0  90 

91 
(* The preorder ([=) is defined as a simulation, and behavioural equivalence (=) *) 

92 
(* as a bisimulation. They can both be expressed as (bi)simulations up to *) 

93 
(* behavioural equivalence (ie the relations PO and EQ defined below). *) 

94 

17456  95 
SIM_def: 
96 
"SIM(t,t',R) == (t=true & t'=true)  (t=false & t'=false)  

97 
(EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : R & <b,b'> : R)  

3837  98 
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x.<f(x),f'(x)> : R))" 
0  99 

17456  100 
POgen_def: "POgen(R) == {p. EX t t'. p=<t,t'> & (t = bot  SIM(t,t',R))}" 
101 
EQgen_def: "EQgen(R) == {p. EX t t'. p=<t,t'> & (t = bot & t' = bot  SIM(t,t',R))}" 

0  102 

17456  103 
PO_def: "PO == gfp(POgen)" 
104 
EQ_def: "EQ == gfp(EQgen)" 

0  105 

106 
(*** Rules ***) 

107 

108 
(** Partial Order **) 

109 

17456  110 
po_refl: "a [= a" 
111 
po_trans: "[ a [= b; b [= c ] ==> a [= c" 

112 
po_cong: "a [= b ==> f(a) [= f(b)" 

0  113 

114 
(* Extend definition of [= to program fragments of higher type *) 

17456  115 
po_abstractn: "(!!x. f(x) [= g(x)) ==> (%x. f(x)) [= (%x. g(x))" 
0  116 

117 
(** Equality  equivalence axioms inherited from FOL.thy **) 

118 
(**  congruence of "=" is axiomatised implicitly **) 

119 

17456  120 
eq_iff: "t = t' <> t [= t' & t' [= t" 
0  121 

122 
(** Properties of canonical values given by greatest fixed point definitions **) 

17456  123 

124 
PO_iff: "t [= t' <> <t,t'> : PO" 

125 
EQ_iff: "t = t' <> <t,t'> : EQ" 

0  126 

127 
(** Behaviour of noncanonical terms (ie case) given by the following betarules **) 

128 

17456  129 
caseBtrue: "case(true,d,e,f,g) = d" 
130 
caseBfalse: "case(false,d,e,f,g) = e" 

131 
caseBpair: "case(<a,b>,d,e,f,g) = f(a,b)" 

132 
caseBlam: "case(lam x. b(x),d,e,f,g) = g(b)" 

133 
caseBbot: "case(bot,d,e,f,g) = bot" (* strictness *) 

0  134 

135 
(** The theory is nontrivial **) 

17456  136 
distinctness: "~ lam x. b(x) = bot" 
0  137 

138 
(*** Definitions of Termination and Divergence ***) 

139 

17456  140 
Dvg_def: "Dvg(t) == t = bot" 
141 
Trm_def: "Trm(t) == ~ Dvg(t)" 

0  142 

17456  143 
text {* 
0  144 
Would be interesting to build a similar theory for a typed programming language: 
145 
ie. true :: bool, fix :: ('a=>'a)=>'a etc...... 

146 

147 
This is starting to look like LCF. 

17456  148 
What are the advantages of this approach? 
149 
 less axiomatic 

0  150 
 wfd induction / coinduction and fixed point induction available 
17456  151 
*} 
152 

20140  153 

154 
lemmas ccl_data_defs = apply_def fix_def 

155 
and [simp] = po_refl 

156 

157 

158 
subsection {* Congruence Rules *} 

159 

160 
(*similar to AP_THM in Gordon's HOL*) 

161 
lemma fun_cong: "(f::'a=>'b) = g ==> f(x)=g(x)" 

162 
by simp 

163 

164 
(*similar to AP_TERM in Gordon's HOL and FOL's subst_context*) 

165 
lemma arg_cong: "x=y ==> f(x)=f(y)" 

166 
by simp 

167 

168 
lemma abstractn: "(!!x. f(x) = g(x)) ==> f = g" 

169 
apply (simp add: eq_iff) 

170 
apply (blast intro: po_abstractn) 

171 
done 

172 

173 
lemmas caseBs = caseBtrue caseBfalse caseBpair caseBlam caseBbot 

174 

175 

176 
subsection {* Termination and Divergence *} 

177 

178 
lemma Trm_iff: "Trm(t) <> ~ t = bot" 

179 
by (simp add: Trm_def Dvg_def) 

180 

181 
lemma Dvg_iff: "Dvg(t) <> t = bot" 

182 
by (simp add: Trm_def Dvg_def) 

183 

184 

185 
subsection {* Constructors are injective *} 

186 

187 
lemma eq_lemma: "[ x=a; y=b; x=y ] ==> a=b" 

188 
by simp 

189 

190 
ML {* 

24825  191 
fun mk_inj_rl thy rews s = 
192 
let 

193 
fun mk_inj_lemmas r = [@{thm arg_cong}] RL [r RS (r RS @{thm eq_lemma})] 

194 
val inj_lemmas = List.concat (map mk_inj_lemmas rews) 

195 
val tac = REPEAT (ares_tac [iffI, allI, conjI] 1 ORELSE 

196 
eresolve_tac inj_lemmas 1 ORELSE 

197 
asm_simp_tac (Simplifier.theory_context thy @{simpset} addsimps rews) 1) 

198 
in prove_goal thy s (fn _ => [tac]) end 

20140  199 
*} 
200 

201 
ML {* 

202 
bind_thms ("ccl_injs", 

24825  203 
map (mk_inj_rl @{theory} @{thms caseBs}) 
20140  204 
["<a,b> = <a',b'> <> (a=a' & b=b')", 
205 
"(lam x. b(x) = lam x. b'(x)) <> ((ALL z. b(z)=b'(z)))"]) 

206 
*} 

207 

208 

209 
lemma pair_inject: "<a,b> = <a',b'> \<Longrightarrow> (a = a' \<Longrightarrow> b = b' \<Longrightarrow> R) \<Longrightarrow> R" 

210 
by (simp add: ccl_injs) 

211 

212 

213 
subsection {* Constructors are distinct *} 

214 

215 
lemma lem: "t=t' ==> case(t,b,c,d,e) = case(t',b,c,d,e)" 

216 
by simp 

217 

218 
ML {* 

219 

220 
local 

221 
fun pairs_of f x [] = [] 

222 
 pairs_of f x (y::ys) = (f x y) :: (f y x) :: (pairs_of f x ys) 

223 

224 
fun mk_combs ff [] = [] 

225 
 mk_combs ff (x::xs) = (pairs_of ff x xs) @ mk_combs ff xs 

226 

227 
(* Doesn't handle binder types correctly *) 

228 
fun saturate thy sy name = 

229 
let fun arg_str 0 a s = s 

230 
 arg_str 1 a s = "(" ^ a ^ "a" ^ s ^ ")" 

231 
 arg_str n a s = arg_str (n1) a ("," ^ a ^ (chr((ord "a")+n1)) ^ s) 

232 
val T = Sign.the_const_type thy (Sign.intern_const thy sy); 

233 
val arity = length (fst (strip_type T)) 

234 
in sy ^ (arg_str arity name "") end 

235 

236 
fun mk_thm_str thy a b = "~ " ^ (saturate thy a "a") ^ " = " ^ (saturate thy b "b") 

237 

238 
val lemma = thm "lem"; 

239 
val eq_lemma = thm "eq_lemma"; 

240 
val distinctness = thm "distinctness"; 

241 
fun mk_lemma (ra,rb) = [lemma] RL [ra RS (rb RS eq_lemma)] RL 

242 
[distinctness RS notE,sym RS (distinctness RS notE)] 

243 
in 

244 
fun mk_lemmas rls = List.concat (map mk_lemma (mk_combs pair rls)) 

245 
fun mk_dstnct_rls thy xs = mk_combs (mk_thm_str thy) xs 

246 
end 

247 

248 
*} 

249 

250 
ML {* 

251 

252 
val caseB_lemmas = mk_lemmas (thms "caseBs") 

253 

254 
val ccl_dstncts = 

255 
let fun mk_raw_dstnct_thm rls s = 

256 
prove_goal (the_context ()) s (fn _=> [rtac notI 1,eresolve_tac rls 1]) 

257 
in map (mk_raw_dstnct_thm caseB_lemmas) 

258 
(mk_dstnct_rls (the_context ()) ["bot","true","false","pair","lambda"]) end 

259 

260 
fun mk_dstnct_thms thy defs inj_rls xs = 

261 
let fun mk_dstnct_thm rls s = prove_goalw thy defs s 

262 
(fn _ => [simp_tac (simpset_of thy addsimps (rls@inj_rls)) 1]) 

263 
in map (mk_dstnct_thm ccl_dstncts) (mk_dstnct_rls thy xs) end 

264 

265 
fun mkall_dstnct_thms thy defs i_rls xss = List.concat (map (mk_dstnct_thms thy defs i_rls) xss) 

266 

267 
(*** Rewriting and Proving ***) 

268 

269 
fun XH_to_I rl = rl RS iffD2 

270 
fun XH_to_D rl = rl RS iffD1 

271 
val XH_to_E = make_elim o XH_to_D 

272 
val XH_to_Is = map XH_to_I 

273 
val XH_to_Ds = map XH_to_D 

274 
val XH_to_Es = map XH_to_E; 

275 

276 
bind_thms ("ccl_rews", thms "caseBs" @ ccl_injs @ ccl_dstncts); 

277 
bind_thms ("ccl_dstnctsEs", ccl_dstncts RL [notE]); 

278 
bind_thms ("ccl_injDs", XH_to_Ds (thms "ccl_injs")); 

279 
*} 

280 

281 
lemmas [simp] = ccl_rews 

282 
and [elim!] = pair_inject ccl_dstnctsEs 

283 
and [dest!] = ccl_injDs 

284 

285 

286 
subsection {* Facts from gfp Definition of @{text "[="} and @{text "="} *} 

287 

288 
lemma XHlemma1: "[ A=B; a:B <> P ] ==> a:A <> P" 

289 
by simp 

290 

291 
lemma XHlemma2: "(P(t,t') <> Q) ==> (<t,t'> : {p. EX t t'. p=<t,t'> & P(t,t')} <> Q)" 

292 
by blast 

293 

294 

295 
subsection {* PreOrder *} 

296 

297 
lemma POgen_mono: "mono(%X. POgen(X))" 

298 
apply (unfold POgen_def SIM_def) 

299 
apply (rule monoI) 

300 
apply blast 

301 
done 

302 

303 
lemma POgenXH: 

304 
"<t,t'> : POgen(R) <> t= bot  (t=true & t'=true)  (t=false & t'=false)  

305 
(EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : R & <b,b'> : R)  

306 
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x. <f(x),f'(x)> : R))" 

307 
apply (unfold POgen_def SIM_def) 

308 
apply (rule iff_refl [THEN XHlemma2]) 

309 
done 

310 

311 
lemma poXH: 

312 
"t [= t' <> t=bot  (t=true & t'=true)  (t=false & t'=false)  

313 
(EX a a' b b'. t=<a,b> & t'=<a',b'> & a [= a' & b [= b')  

314 
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x. f(x) [= f'(x)))" 

315 
apply (simp add: PO_iff del: ex_simps) 

316 
apply (rule POgen_mono 

317 
[THEN PO_def [THEN def_gfp_Tarski], THEN XHlemma1, unfolded POgen_def SIM_def]) 

318 
apply (rule iff_refl [THEN XHlemma2]) 

319 
done 

320 

321 
lemma po_bot: "bot [= b" 

322 
apply (rule poXH [THEN iffD2]) 

323 
apply simp 

324 
done 

325 

326 
lemma bot_poleast: "a [= bot ==> a=bot" 

327 
apply (drule poXH [THEN iffD1]) 

328 
apply simp 

329 
done 

330 

331 
lemma po_pair: "<a,b> [= <a',b'> <> a [= a' & b [= b'" 

332 
apply (rule poXH [THEN iff_trans]) 

333 
apply simp 

334 
done 

335 

336 
lemma po_lam: "lam x. f(x) [= lam x. f'(x) <> (ALL x. f(x) [= f'(x))" 

337 
apply (rule poXH [THEN iff_trans]) 

338 
apply fastsimp 

339 
done 

340 

341 
lemmas ccl_porews = po_bot po_pair po_lam 

342 

343 
lemma case_pocong: 

344 
assumes 1: "t [= t'" 

345 
and 2: "a [= a'" 

346 
and 3: "b [= b'" 

347 
and 4: "!!x y. c(x,y) [= c'(x,y)" 

348 
and 5: "!!u. d(u) [= d'(u)" 

349 
shows "case(t,a,b,c,d) [= case(t',a',b',c',d')" 

350 
apply (rule 1 [THEN po_cong, THEN po_trans]) 

351 
apply (rule 2 [THEN po_cong, THEN po_trans]) 

352 
apply (rule 3 [THEN po_cong, THEN po_trans]) 

353 
apply (rule 4 [THEN po_abstractn, THEN po_abstractn, THEN po_cong, THEN po_trans]) 

354 
apply (rule_tac f1 = "%d. case (t',a',b',c',d)" in 

355 
5 [THEN po_abstractn, THEN po_cong, THEN po_trans]) 

356 
apply (rule po_refl) 

357 
done 

358 

359 
lemma apply_pocong: "[ f [= f'; a [= a' ] ==> f ` a [= f' ` a'" 

360 
unfolding ccl_data_defs 

361 
apply (rule case_pocong, (rule po_refl  assumption)+) 

362 
apply (erule po_cong) 

363 
done 

364 

365 
lemma npo_lam_bot: "~ lam x. b(x) [= bot" 

366 
apply (rule notI) 

367 
apply (drule bot_poleast) 

368 
apply (erule distinctness [THEN notE]) 

369 
done 

370 

371 
lemma po_lemma: "[ x=a; y=b; x[=y ] ==> a[=b" 

372 
by simp 

373 

374 
lemma npo_pair_lam: "~ <a,b> [= lam x. f(x)" 

375 
apply (rule notI) 

376 
apply (rule npo_lam_bot [THEN notE]) 

377 
apply (erule case_pocong [THEN caseBlam [THEN caseBpair [THEN po_lemma]]]) 

378 
apply (rule po_refl npo_lam_bot)+ 

379 
done 

380 

381 
lemma npo_lam_pair: "~ lam x. f(x) [= <a,b>" 

382 
apply (rule notI) 

383 
apply (rule npo_lam_bot [THEN notE]) 

384 
apply (erule case_pocong [THEN caseBpair [THEN caseBlam [THEN po_lemma]]]) 

385 
apply (rule po_refl npo_lam_bot)+ 

386 
done 

387 

388 
ML {* 

389 

390 
local 

391 
fun mk_thm s = prove_goal (the_context ()) s (fn _ => 

392 
[rtac notI 1,dtac (thm "case_pocong") 1,etac rev_mp 5, 

26342  393 
ALLGOALS (simp_tac @{simpset}), 
20140  394 
REPEAT (resolve_tac [thm "po_refl", thm "npo_lam_bot"] 1)]) 
395 
in 

396 

397 
val npo_rls = [thm "npo_pair_lam", thm "npo_lam_pair"] @ map mk_thm 

398 
["~ true [= false", "~ false [= true", 

399 
"~ true [= <a,b>", "~ <a,b> [= true", 

400 
"~ true [= lam x. f(x)","~ lam x. f(x) [= true", 

401 
"~ false [= <a,b>", "~ <a,b> [= false", 

402 
"~ false [= lam x. f(x)","~ lam x. f(x) [= false"] 

403 
end; 

404 

405 
bind_thms ("npo_rls", npo_rls); 

406 
*} 

407 

408 

409 
subsection {* Coinduction for @{text "[="} *} 

410 

411 
lemma po_coinduct: "[ <t,u> : R; R <= POgen(R) ] ==> t [= u" 

412 
apply (rule PO_def [THEN def_coinduct, THEN PO_iff [THEN iffD2]]) 

413 
apply assumption+ 

414 
done 

415 

416 
ML {* 

27208
5fe899199f85
proper context for tactics derived from res_inst_tac;
wenzelm
parents:
27146
diff
changeset

417 
fun po_coinduct_tac ctxt s i = 
27239  418 
res_inst_tac ctxt [(("R", 0), s)] @{thm po_coinduct} i 
20140  419 
*} 
420 

421 

422 
subsection {* Equality *} 

423 

424 
lemma EQgen_mono: "mono(%X. EQgen(X))" 

425 
apply (unfold EQgen_def SIM_def) 

426 
apply (rule monoI) 

427 
apply blast 

428 
done 

429 

430 
lemma EQgenXH: 

431 
"<t,t'> : EQgen(R) <> (t=bot & t'=bot)  (t=true & t'=true)  

432 
(t=false & t'=false)  

433 
(EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : R & <b,b'> : R)  

434 
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x.<f(x),f'(x)> : R))" 

435 
apply (unfold EQgen_def SIM_def) 

436 
apply (rule iff_refl [THEN XHlemma2]) 

437 
done 

438 

439 
lemma eqXH: 

440 
"t=t' <> (t=bot & t'=bot)  (t=true & t'=true)  (t=false & t'=false)  

441 
(EX a a' b b'. t=<a,b> & t'=<a',b'> & a=a' & b=b')  

442 
(EX f f'. t=lam x. f(x) & t'=lam x. f'(x) & (ALL x. f(x)=f'(x)))" 

443 
apply (subgoal_tac "<t,t'> : EQ <> (t=bot & t'=bot)  (t=true & t'=true)  (t=false & t'=false)  (EX a a' b b'. t=<a,b> & t'=<a',b'> & <a,a'> : EQ & <b,b'> : EQ)  (EX f f'. t=lam x. f (x) & t'=lam x. f' (x) & (ALL x. <f (x) ,f' (x) > : EQ))") 

444 
apply (erule rev_mp) 

445 
apply (simp add: EQ_iff [THEN iff_sym]) 

446 
apply (rule EQgen_mono [THEN EQ_def [THEN def_gfp_Tarski], THEN XHlemma1, 

447 
unfolded EQgen_def SIM_def]) 

448 
apply (rule iff_refl [THEN XHlemma2]) 

449 
done 

450 

451 
lemma eq_coinduct: "[ <t,u> : R; R <= EQgen(R) ] ==> t = u" 

452 
apply (rule EQ_def [THEN def_coinduct, THEN EQ_iff [THEN iffD2]]) 

453 
apply assumption+ 

454 
done 

455 

456 
lemma eq_coinduct3: 

457 
"[ <t,u> : R; R <= EQgen(lfp(%x. EQgen(x) Un R Un EQ)) ] ==> t = u" 

458 
apply (rule EQ_def [THEN def_coinduct3, THEN EQ_iff [THEN iffD2]]) 

459 
apply (rule EQgen_mono  assumption)+ 

460 
done 

461 

462 
ML {* 

27239  463 
fun eq_coinduct_tac ctxt s i = res_inst_tac ctxt [(("R", 0), s)] @{thm eq_coinduct} i 
464 
fun eq_coinduct3_tac ctxt s i = res_inst_tac ctxt [(("R", 0), s)] @{thm eq_coinduct3} i 

20140  465 
*} 
466 

467 

468 
subsection {* Untyped Case Analysis and Other Facts *} 

469 

470 
lemma cond_eta: "(EX f. t=lam x. f(x)) ==> t = lam x.(t ` x)" 

471 
by (auto simp: apply_def) 

472 

473 
lemma exhaustion: "(t=bot)  (t=true)  (t=false)  (EX a b. t=<a,b>)  (EX f. t=lam x. f(x))" 

474 
apply (cut_tac refl [THEN eqXH [THEN iffD1]]) 

475 
apply blast 

476 
done 

477 

478 
lemma term_case: 

479 
"[ P(bot); P(true); P(false); !!x y. P(<x,y>); !!b. P(lam x. b(x)) ] ==> P(t)" 

480 
using exhaustion [of t] by blast 

17456  481 

482 
end 